Home article search

Using Process Monitor to create log files


After contacting ESET support, you might be asked to recreate your problem and provide us with Process Monitor log files. To do this, you will need Process Monitor software. 

When are Process Monitor log files needed?

Process Monitor log files are typically required to diagnose issues that recede when ESET real-time protection is disabled.



  1. Download Process Monitor from Microsoft Technet or use this direct link.
  2. When your download is complete, extract the .zip file you downloaded and run Procmon.exe. After you accept the license agreement, Process Monitor will run.
  3. Before you can start collecting logs, you must enable advanced output. To do so, click Filter → Enable Advanced Output.

Figure 1-1

  1. If you were asked to create process log files, continue to Gathering process log files.

    If you were ask to create boot log files, continue to Gathering boot log files.


Gathering process log files

  1. Process monitor will begin gathering log files on startup.

Figure 2-1

  1. Clear the log files list, by clicking Clear.

Figure 2-2

  1. When you are ready to recreate your issue, click Capture to start capturing log files and recreate your issue. After recreating your issue, click Capture again to stop recording logs.
  2. Click Save  to save your new log files. In the pop-up window, select All events and then select Native Procesess Monitor Format (.PML) option.
  3. Compress the file to archive (.zip).


Gathering boot log files

  1. Click Options and select Enable Boot Logging.

Figure 3-1

  1. The Boot logging options window will be displayed. Enable Generate profiling events and set the frequency to Every second. Click Yes to confirm your settings.

Figure 3-2

  1. Reboot your computer and recreate your issue. After your system starts up, run Process Monitor. You will be presented with information about a log of boot-time activity being created. Click Yes to save the boot log.

Figure 3-3

  1. Choose a location and save boot log as the Procmon Log (.PML) file. Compress the file to archive (.zip).


Compressing the file

To compress a file to a .zip archive, right-click it and select Send to → Compressed (zipped) folder.

.zip file will be created next to your file with the same name as the original file.


Was this information helpful?